Microsoft's own research division has published findings that should make any business owner pause before handing their documents to an AI agent: frontier models including GPT-5.4, Claude 4.6 Opus, and Gemini 3.1 Pro lose an average of 25% of document content over just 20 editing interactions, with 80% of model-domain combinations showing what the researchers classify as "catastrophic corruption."
The timing is pointed. This paper, titled "LLMs Corrupt Your Documents When You Delegate," arrives as companies pour money into AI automation. Deloitte's latest data shows 57% of organisations are allocating between 21% and 50% of their digital transformation budgets to AI — while the very company selling many of those tools is publishing research showing they aren't ready for the job.
What Microsoft actually tested
Philippe Laban, Tobias Schnabel, and Jennifer Neville from Microsoft Research built DELEGATE-52, a benchmark that simulates long-horizon delegated document editing across 52 professional domains. These aren't toy tasks — the benchmark covers accounting ledgers, crystallography notation, music scores, legal filings, and dozens more specialist formats. Each of the 310 work environments contains real documents with 5-10 complex editing tasks tested over 20 consecutive interactions.
The evaluation method is elegant: models perform a forward edit, then a reverse edit that should perfectly restore the original document. Because each reversal happens in a fresh session, the model can't simply hit "undo" — it must genuinely understand and reproduce the document structure.
They tested 19 models across the major providers. The results were uniform in their severity.
The corruption isn't what you'd expect
Here's what makes this finding particularly dangerous for businesses: the failure mode isn't obvious. When weaker models fail, they delete content — you'd notice a chunk missing. But when frontier models fail, they actively corrupt the existing content. The text is still there, but it's been subtly distorted or hallucinated. A number changes. A clause gets reworded. A date shifts.
"Models lack the capability to write effective programs on the fly that can manipulate files across diverse domains without mistakes," said Philippe Laban, Senior Researcher at Microsoft Research. "When they cannot do something programmatically, they resort to reading and rewriting entire files, which is less efficient and more error prone."
The best-performing model, Google's Gemini 3.1 Pro, was deemed "ready" for delegated work in only 11 of 52 domains. The researchers set the bar at 98% fidelity — anything less means unacceptable content loss for professional work.
Giving agents tools makes it worse
Perhaps the most counterintuitive finding: equipping models with agentic capabilities — file read/write access and code execution — actually degraded performance by an average of 6 percentage points. The very tools meant to make AI agents more capable made them less reliable.
This directly contradicts the marketing pitch from every major AI vendor. Anthropic promises Claude will "work on your computer, local files, and applications to return a finished deliverable." Microsoft's own 365 Copilot marketing touts the ability to "tackle complex, multistep research across your work data." The research arm is, diplomatically, not so sure.
Laban explained the failure: generic tools aren't sufficient. The solution is "tightly scoped tools — such as specific functions to calculate or move entries within .ledger files — to keep agents on track." Generic file manipulation leads to generic failures.
What this means if you're running a business
If you've been delegating document-heavy tasks to AI agents — drafting contracts, editing financial reports, maintaining technical documentation — this research says your output has a meaningful chance of silent corruption. Not always. Not predictably. But often enough that you cannot trust the result without review.
The practical implications are clear:
Don't trust long-running autonomous workflows. The research shows that model performance after two interactions doesn't predict performance after twenty. A model that looks reliable in a quick test may still produce catastrophic failures in extended use. As The Register noted, "An intern who corrupted a quarter of a document over a long workflow would be shown the door."
Keep tasks short and transparent. Laban recommends building AI applications "around short, transparent tasks rather than complex long-horizon agents." Break big jobs into small, reviewable steps.
Invest in domain-specific tooling. Generic AI agents with generic tools produce generic failures. Purpose-built tools for your specific document types — whether that's accounting ledgers, legal contracts, or technical specifications — dramatically reduce corruption risk. This connects to what we've covered previously about the security risks inherent in agentic AI systems — the more autonomy you grant, the more safeguards you need.
Review incrementally, not just at the end. Because failures tend to be catastrophic single events rather than gradual degradation, checking only the final output misses the point. You need checkpoints throughout the workflow.
The silver lining — and why it matters
Laban is optimistic about trajectory: "Progress is real and fast. Looking at the GPT family alone, models go from scoring below 20% to around 70% in 18 months." That's genuine improvement. But even as foundation models improve, the researchers caution that enterprise environments — with their unique data formats, legacy systems, and edge cases — will always require custom tooling and human oversight.
This isn't a reason to avoid AI agents. It's a reason to deploy them intelligently. The businesses that will win aren't the ones who delegate everything to AI and hope for the best — they're the ones who understand exactly where AI is reliable (Python automation, structured data tasks) and where it isn't (complex document editing across specialist domains), and build their workflows accordingly.
For Australian businesses exploring AI automation: this is exactly why rushing to deploy without governance frameworks is risky. The technology is improving fast, but "improving fast" and "ready for unsupervised use" are different claims entirely.
Sources
- LLMs Corrupt Your Documents When You Delegate — Microsoft Research
- LLMs Corrupt Your Documents When You Delegate (full paper) — arXiv
- Frontier AI models don't just delete document content — they rewrite it — VentureBeat
- Microsoft researchers find AI models and agents can't handle long-running tasks — The Register
- AI and tech investment ROI — Deloitte Insights
